Sorry, I missed a permission check on invocation of trusted procedures. When client's label getting switched to Y from X, we needed to check process:transition permission between label X and label Y. It is same manner when OS launches a program with a special label to cause domain transition.
The attached patch adds checks this permission when user tries to invoke a trusted procedure and switch security label of the client. In addition, it also adds a case of regression test of this problem. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <[email protected]>
sepgsql-fix-domain-transition.1.patch
Description: sepgsql-fix-domain-transition.1.patch
-- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
